Security Leftovers and Windows TCO
-
Navigating the EOL of PHP 8.0: Immediate Actions and Long-Term Strategies
The progression of programming languages through their lifecycles demands vigilant management, particularly at the transition to End-of-Life (EOL). With PHP 8.0’s EOL in November 2023, organizations that have not yet migrated face immediate security and operational risks. This guide provides essential tools and an action plan for organizations to navigate this post-EOL landscape effectively.
-
Open Source Security (Audio Show) ☛ Josh Bressers: Episode 415 – Reducing attack surface for less security
Josh and Kurt talk about a blog post explaining how to create a very very small container image. Generally in the world of security less is more, but it’s possible to remove too much. A lot of today’s security tooling relies on certain things to exist in a container image, if we remove them we could actually result in worse security than leaving it in. It’s a weird topic, but probably pretty important.
-
LinuxSecurity ☛ New Linux Kernel Security Flaw Leads to Information Disclosure
Imagine your most sensitive and critical information being made accessible to threat actors without your permission or knowledge. This is exactly what a new information disclosure flaw discovered in the Linux kernel up to 5.17 could result in.
-
Windows TCO
-
Data Breaches ☛ Cyberattack at Armentières hospital, emergency rooms closed for the day
The Armentières hospital center was the victim of a cyberattack during the night from Saturday to Sunday at 2 a.m., France Bleu Nord learned on Sunday February 11 from the hospital management. The pirates demand a ransom from the hospital. The emergency department is closed for the next 24 hours, patients are being redirected to other hospitals.
-
[Old] The Register UK ☛ MS paper touts Unix in Hotmail's Win2k switch
Another good thing about UNIX is that everything is out in the open, for admins, anyway: "It's easy to look at a UNIX system and know what is running and why. Although its configuration files may have arcane (and sometimes too-simple) syntax, they are easy to find and change."
Whereas in Win2K: "Some parameters that control the system's operation are hidden and difficult to fully assess. The metabase is an obvious example. The problem here is that it makes the administrator nervous; in a single-function system he wants to be able to understand all of the configuration-related choices that the system is making on his behalf."
-
Integrity/Availability/Authenticity
-
Jonathan Y Chan ☛ Corporate Processing Service Scam
Received this official-looking document in the mail by virtue of having my address associated with my failed startup. If you look at the fine print you’ll notice it’s not actually from the government. It’s from a scam company called “Corporate Processing Service” that is generously offering to file a form for you for $243. The state only charges you $25 and has an online form.